view tests/test-ui-verbosity.py @ 28663:ae279d4a19e9 stable 3.7.3

convert: test for shell injection in git calls (SEC) CVE-2016-3069 (5/5) Before recent refactoring we were not escaping calls to git at all which made such injections possible. Let's have a test for that to avoid this problem in the future. Reported by Blake Burkhart.
author Mateusz Kwapich <mitrandir@fb.com>
date Tue, 22 Mar 2016 17:27:27 -0700
parents 4c50552fc9bc
children 870dae78234c
line wrap: on
line source

import os
from mercurial import ui

hgrc = os.environ['HGRCPATH']
f = open(hgrc)
basehgrc = f.read()
f.close()

print '      hgrc settings    command line options      final result   '
print '    quiet verbo debug   quiet verbo debug      quiet verbo debug'

for i in xrange(64):
    hgrc_quiet   = bool(i & 1<<0)
    hgrc_verbose = bool(i & 1<<1)
    hgrc_debug   = bool(i & 1<<2)
    cmd_quiet    = bool(i & 1<<3)
    cmd_verbose  = bool(i & 1<<4)
    cmd_debug    = bool(i & 1<<5)

    f = open(hgrc, 'w')
    f.write(basehgrc)
    f.write('\n[ui]\n')
    if hgrc_quiet:
        f.write('quiet = True\n')
    if hgrc_verbose:
        f.write('verbose = True\n')
    if hgrc_debug:
        f.write('debug = True\n')
    f.close()

    u = ui.ui()
    if cmd_quiet or cmd_debug or cmd_verbose:
        u.setconfig('ui', 'quiet', str(bool(cmd_quiet)))
        u.setconfig('ui', 'verbose', str(bool(cmd_verbose)))
        u.setconfig('ui', 'debug', str(bool(cmd_debug)))

    check = ''
    if u.debugflag:
        if not u.verbose or u.quiet:
            check = ' *'
    elif u.verbose and u.quiet:
        check = ' +'

    print ('%2d  %5s %5s %5s   %5s %5s %5s  ->  %5s %5s %5s%s'
           % (i, hgrc_quiet, hgrc_verbose, hgrc_debug,
              cmd_quiet, cmd_verbose, cmd_debug,
              u.quiet, u.verbose, u.debugflag, check))